4efbc987e858c66a9b0e30126c8b6850000e22c2302fe87589e863e967b41d2f

Resubmissions

12-06-2021 01:07

210612-pkfttvzb56 10

Analysis

max time kernel
300s
max time network
301s
platform
windows10_x64
resource
win10v20210410
submitted
12-06-2021 01:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Sniper Ghost Warrior Contracts 2 v1.0 Plus 15 Trainer.exe
Size

1.3MB
MD5

93f36079ec006937a740fdab9163f81d
SHA1

6dac1e093e259bebbaeebf8498ff2fe6b1e61c3e
SHA256

4efbc987e858c66a9b0e30126c8b6850000e22c2302fe87589e863e967b41d2f
SHA512

9b86ecc5bbe2de6c550ff2e10900ae4e15cbb209059069069a5194a0f49be9f01568873d1cec94f71cbf89ff240de355b29e81c3a71da2e042793be4914fdf1c

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3872	Sniper Ghost Warrior Contracts 2 v1.0 Plus 15 Trainer.exe
3872	Sniper Ghost Warrior Contracts 2 v1.0 Plus 15 Trainer.exe
3872	Sniper Ghost Warrior Contracts 2 v1.0 Plus 15 Trainer.exe
3872	Sniper Ghost Warrior Contracts 2 v1.0 Plus 15 Trainer.exe
3872	Sniper Ghost Warrior Contracts 2 v1.0 Plus 15 Trainer.exe
3872	Sniper Ghost Warrior Contracts 2 v1.0 Plus 15 Trainer.exe
3872	Sniper Ghost Warrior Contracts 2 v1.0 Plus 15 Trainer.exe
3872	Sniper Ghost Warrior Contracts 2 v1.0 Plus 15 Trainer.exe
3872	Sniper Ghost Warrior Contracts 2 v1.0 Plus 15 Trainer.exe
3872	Sniper Ghost Warrior Contracts 2 v1.0 Plus 15 Trainer.exe
3872	Sniper Ghost Warrior Contracts 2 v1.0 Plus 15 Trainer.exe
3872	Sniper Ghost Warrior Contracts 2 v1.0 Plus 15 Trainer.exe
3872	Sniper Ghost Warrior Contracts 2 v1.0 Plus 15 Trainer.exe
3872	Sniper Ghost Warrior Contracts 2 v1.0 Plus 15 Trainer.exe
3872	Sniper Ghost Warrior Contracts 2 v1.0 Plus 15 Trainer.exe
3872	Sniper Ghost Warrior Contracts 2 v1.0 Plus 15 Trainer.exe
3872	Sniper Ghost Warrior Contracts 2 v1.0 Plus 15 Trainer.exe
3872	Sniper Ghost Warrior Contracts 2 v1.0 Plus 15 Trainer.exe
3872	Sniper Ghost Warrior Contracts 2 v1.0 Plus 15 Trainer.exe
3872	Sniper Ghost Warrior Contracts 2 v1.0 Plus 15 Trainer.exe
3872	Sniper Ghost Warrior Contracts 2 v1.0 Plus 15 Trainer.exe
3872	Sniper Ghost Warrior Contracts 2 v1.0 Plus 15 Trainer.exe
3872	Sniper Ghost Warrior Contracts 2 v1.0 Plus 15 Trainer.exe
3872	Sniper Ghost Warrior Contracts 2 v1.0 Plus 15 Trainer.exe
3872	Sniper Ghost Warrior Contracts 2 v1.0 Plus 15 Trainer.exe
3872	Sniper Ghost Warrior Contracts 2 v1.0 Plus 15 Trainer.exe
3872	Sniper Ghost Warrior Contracts 2 v1.0 Plus 15 Trainer.exe
3872	Sniper Ghost Warrior Contracts 2 v1.0 Plus 15 Trainer.exe
3872	Sniper Ghost Warrior Contracts 2 v1.0 Plus 15 Trainer.exe
3872	Sniper Ghost Warrior Contracts 2 v1.0 Plus 15 Trainer.exe
3872	Sniper Ghost Warrior Contracts 2 v1.0 Plus 15 Trainer.exe
3872	Sniper Ghost Warrior Contracts 2 v1.0 Plus 15 Trainer.exe
3872	Sniper Ghost Warrior Contracts 2 v1.0 Plus 15 Trainer.exe
3872	Sniper Ghost Warrior Contracts 2 v1.0 Plus 15 Trainer.exe
3872	Sniper Ghost Warrior Contracts 2 v1.0 Plus 15 Trainer.exe
3872	Sniper Ghost Warrior Contracts 2 v1.0 Plus 15 Trainer.exe
3872	Sniper Ghost Warrior Contracts 2 v1.0 Plus 15 Trainer.exe
3872	Sniper Ghost Warrior Contracts 2 v1.0 Plus 15 Trainer.exe
3872	Sniper Ghost Warrior Contracts 2 v1.0 Plus 15 Trainer.exe
3872	Sniper Ghost Warrior Contracts 2 v1.0 Plus 15 Trainer.exe
3872	Sniper Ghost Warrior Contracts 2 v1.0 Plus 15 Trainer.exe
3872	Sniper Ghost Warrior Contracts 2 v1.0 Plus 15 Trainer.exe
3872	Sniper Ghost Warrior Contracts 2 v1.0 Plus 15 Trainer.exe
3872	Sniper Ghost Warrior Contracts 2 v1.0 Plus 15 Trainer.exe
3872	Sniper Ghost Warrior Contracts 2 v1.0 Plus 15 Trainer.exe
3872	Sniper Ghost Warrior Contracts 2 v1.0 Plus 15 Trainer.exe
3872	Sniper Ghost Warrior Contracts 2 v1.0 Plus 15 Trainer.exe
3872	Sniper Ghost Warrior Contracts 2 v1.0 Plus 15 Trainer.exe
3872	Sniper Ghost Warrior Contracts 2 v1.0 Plus 15 Trainer.exe
3872	Sniper Ghost Warrior Contracts 2 v1.0 Plus 15 Trainer.exe
3872	Sniper Ghost Warrior Contracts 2 v1.0 Plus 15 Trainer.exe
3872	Sniper Ghost Warrior Contracts 2 v1.0 Plus 15 Trainer.exe
3872	Sniper Ghost Warrior Contracts 2 v1.0 Plus 15 Trainer.exe
3872	Sniper Ghost Warrior Contracts 2 v1.0 Plus 15 Trainer.exe
3872	Sniper Ghost Warrior Contracts 2 v1.0 Plus 15 Trainer.exe
3872	Sniper Ghost Warrior Contracts 2 v1.0 Plus 15 Trainer.exe
3872	Sniper Ghost Warrior Contracts 2 v1.0 Plus 15 Trainer.exe
3872	Sniper Ghost Warrior Contracts 2 v1.0 Plus 15 Trainer.exe
3872	Sniper Ghost Warrior Contracts 2 v1.0 Plus 15 Trainer.exe
3872	Sniper Ghost Warrior Contracts 2 v1.0 Plus 15 Trainer.exe
3872	Sniper Ghost Warrior Contracts 2 v1.0 Plus 15 Trainer.exe
3872	Sniper Ghost Warrior Contracts 2 v1.0 Plus 15 Trainer.exe
3872	Sniper Ghost Warrior Contracts 2 v1.0 Plus 15 Trainer.exe
3872	Sniper Ghost Warrior Contracts 2 v1.0 Plus 15 Trainer.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3872	Sniper Ghost Warrior Contracts 2 v1.0 Plus 15 Trainer.exe

C:\Users\Admin\AppData\Local\Temp\Sniper Ghost Warrior Contracts 2 v1.0 Plus 15 Trainer.exe
"C:\Users\Admin\AppData\Local\Temp\Sniper Ghost Warrior Contracts 2 v1.0 Plus 15 Trainer.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3872

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3872-114-0x000001950DE40000-0x000001950DE78000-memory.dmp

Filesize
224KB

Download
memory/3872-116-0x000001950DED0000-0x000001950DED2000-memory.dmp

Filesize
8KB

Download
memory/3872-117-0x000001950DED3000-0x000001950DED5000-memory.dmp

Filesize
8KB

Download
memory/3872-118-0x000001950DED6000-0x000001950DED7000-memory.dmp

Filesize
4KB

Download
memory/3872-119-0x000001950DED7000-0x000001950DED8000-memory.dmp

Filesize
4KB

Download
memory/3872-120-0x000001950DED8000-0x000001950DEDA000-memory.dmp

Filesize
8KB

Download
memory/3872-121-0x000001950DEDA000-0x000001950DEDF000-memory.dmp

Filesize
20KB

Download